package com.xianyun.site.auth.common.config;

import com.xianyun.common.security.config.PermitAllUrlProperties;
import com.xianyun.site.auth.common.config.bean.IAuthenticationSecurityConfig;
import com.xianyun.site.auth.common.config.system.LoginPageConfig;
import com.xianyun.site.auth.common.handler.LoginFailureHandler;
import com.xianyun.site.auth.common.handler.LoginSuccessHandler;
import com.xianyun.site.auth.service.IUserDetailsService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.annotation.Order;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

/**
 * @author mac_zyj
 */
@Order(120)
@Configuration
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {


    @Qualifier("IUserDetailsServiceImpl")
    @Autowired
    private IUserDetailsService userDetailsService;
    /**
     * 登出成功的处理
     */
    @Autowired
    private LoginFailureHandler loginFailureHandler;
    /**
     * 登录成功的处理
     */
    @Autowired
    private LoginSuccessHandler loginSuccessHandler;


    @Autowired
    private LoginPageConfig loginPageConfig;

    /**
     * 配置认证方式等
     *
     * @param auth
     * @throws Exception
     */
    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.userDetailsService(userDetailsService);
    }

    /**
     * 扩展用户登录
     */
    @Autowired
    private IAuthenticationSecurityConfig authenticationSecurityConfig;


    /**
     * 放行URL
     */
    @Autowired
    private PermitAllUrlProperties permitAllUrlProperties;


    @Bean
    @Override
    public AuthenticationManager authenticationManagerBean() throws Exception {
        return super.authenticationManagerBean();
    }


    /**
     * http相关的配置，包括登入登出、异常处理、会话管理等
     *
     * @param http
     * @throws Exception
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.cors().and().csrf().disable();
        // 扩展用户登录
        http.apply(authenticationSecurityConfig)
                .and().authorizeRequests()
                // 放行接口
                .antMatchers(permitAllUrlProperties.getIgnoreUrls().toArray(new String[0])).permitAll()
                // 除上面外的所有请求全部需要鉴权认证
                .anyRequest().authenticated()
                // 异常处理(权限拒绝、登录失效等)
                .and().exceptionHandling()
//                // 匿名用户访问无权限资源时的异常处理
//                .authenticationEntryPoint(anonymousAuthenticationEntryPoint)
//                // 登录用户没有权限访问资源
//                .accessDeniedHandler(accessDeniedHandler)
                // ==========登入===========
                .and().formLogin()
                .loginPage(loginPageConfig.getLoginPage())
                // 允许所有用户
                .permitAll()
                // 登录成功处理逻辑
                .successHandler(loginSuccessHandler)
                // 登录失败处理逻辑
                .failureHandler(loginFailureHandler)
                // ==========登出===========
                .and().logout()
                // 允许所有用户
                .permitAll()
//                // 登出成功处理逻辑
//                .logoutSuccessHandler(logoutSuccessHandler)
//                .deleteCookies(RestHttpSessionIdResolver.AUTH_TOKEN)
//                // ==========会话管理=========
//                .and().sessionManagement()
//                // 超时处理
//                .invalidSessionStrategy(invalidSessionHandler)
//                // 同一账号同时登录最大用户数
//                .maximumSessions(1)
//                // 顶号处理
//                .expiredSessionStrategy(sessionInformationExpiredHandler)
        ;

    }

}
